Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 19-08-2016 Executado por Usuario (20-08-2016 09:35:49) Executando a partir de C:\Users\Usuario\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2013-02-25 19:41:42) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= Administrador (S-1-5-21-612379544-3706749691-2850370343-500 - Administrator - Disabled) Convidado (S-1-5-21-612379544-3706749691-2850370343-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-612379544-3706749691-2850370343-1002 - Limited - Enabled) Usuario (S-1-5-21-612379544-3706749691-2850370343-1000 - Administrator - Enabled) => C:\Users\Usuario ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) µTorrent (HKU\S-1-5-21-612379544-3706749691-2850370343-1000\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.) 
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.152.26 - Adobe Systems Incorporated) Adobe Reader X (10.1.12) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology) AVG (HKLM\...\AvgZen) (Version: 1.81.2.29057 - AVG Technologies) AVG (Version: 16.101.7752 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4647 - AVG Technologies) Hidden AVG Protection (HKLM\...\AVG) (Version: 2016.101.7752 - AVG Technologies) AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.4.0.518 - AVG Technologies) AVG Zen (Version: 1.81.13 - AVG Technologies) Hidden Baidu Browser (HKLM-x32\...\Spark) (Version: 43.18 Preview - Baidu Inc.) ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 2.3.0.23 - Byte Technologies LLC) <==== ATENÇÃO Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation) CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Driver 1.3 (HKLM\...\{BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}) (Version: 1.3 - OEM) FMW 1 (Version: 1.112.3 - AVG Technologies) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden HP Deskjet 2050 J510 series Software básico do dispositivo (HKLM\...\{2DCBB45E-AA03-4089-87E7-EC17E606D738}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT) IHMC CmapTools v5.05.01 (HKLM-x32\...\IHMC CmapTools v5.05.01) (Version: 5.0.5.1 - Institute for Human & Machine Cognition) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation) IPM 1.8 (HKLM-x32\...\{AADF4228-0772-4D43-92EB-B245E3A17B00}) (Version: 1.8 - OEM) I-PowerGate v1.0 (HKLM-x32\...\{6855D62A-B38C-4A3C-B047-B5C362DF0665}) (Version: 1.0 - OEM) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.450 - Oracle) JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.24.7 - JMicron Technology Corp.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.53.5 - JMicron Technology Corp.) 
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Mega Codec Pack 4.1.6 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 4.1.6 - ) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden MetaFrame Presentation Server Web Client for Win32 (HKLM-x32\...\MetaFrame Presentation Server Web Client for Win32) (Version: - ) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft 
Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MPC-HC 1.7.10.252 (e91b41e) Nightly (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10.252 - MPC-HC Team) NTRU TCG Software Stack (Version: 2.1.28 - NTRU Cryptosystems) Hidden Nuvoton SafeKeeper(TM) TPM Software (HKLM-x32\...\{87EE1E0B-809C-4B52-B1A7-AE59706D0C7B}) (Version: 6.0.4803.0003 - Nuvoton Technology Corporation) OSD 1.10 (HKLM-x32\...\{5A9C96FE-1376-45E1-8556-C81255F0B5A7}) (Version: 1.10 - OEM) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) PrtScr 1.5 (HKLM-x32\...\PrtScr_is1) (Version: - FireStarter) Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.12.0 - Ralink) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0180 - REALTEK Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0157 - REALTEK Semiconductor Corp.) Secure Download Manager (HKLM-x32\...\{F0858165-B8DB-4347-89B8-6D9F882B9BF3}) (Version: 3.1.60 - Kivuto Solutions Inc.) 
Suplemento Microsoft Salvar como PDF para programas do Microsoft Office 2007 (HKLM-x32\...\{90120000-00B0-0416-0000-0000000FF1CE}) (Version: 12.0.4518.1019 - Microsoft Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated) The Desktop Weather 2.0.1.11389 (HKLM\...\WeatherTool) (Version: 2.0.1.11389 - ShenZhen Enode Techology co,.Ltd) <==== ATENÇÃO TweakBit FixMyPC (HKLM-x32\...\{CA7C4C80-24B8-4027-8849-0C302333C427}_is1) (Version: 1.7.1.3 - Auslogics Labs Pty Ltd) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Visualizador do Microsoft PowerPoint (HKLM-x32\...\{95140000-00AF-0416-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation) Warsaw 1.12.4.14 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.12.4.14 - GAS Tecnologia) Webcam 1.5 (HKLM-x32\...\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}) (Version: 1.5 - OEM) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
Task: {1C7F543B-0F52-4728-9951-D8DD63744B14} - System32\Tasks\{5DBCE3DF-6B31-4295-A7CC-867868E1AB74} => pcalua.exe -a "C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C2NVPW3Y\iGBPCEFgb.exe" -d C:\Users\Usuario\Desktop Task: {33E8D48E-9481-423F-9F49-D5F06B576DC2} - System32\Tasks\Open Chrome => Chrome.exe --new-window hxxp://toolbar.avg.com/almost-done?pid=safeguard&lang=pt-br Task: {488313F3-FB70-4ED5-BBB0-747ACDBB1A40} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-10] () Task: {4A76CF37-BBB4-4FE4-B541-777B615DAEBC} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-06-20] (Byte Technologies LLC) <==== ATENÇÃO Task: {52C53128-085D-42F4-B325-5838CBB029E1} - System32\Tasks\{1E7D9296-57FB-4225-BD5E-60203A00D867} => C:\Users\Usuario\Downloads\iTunesSetup.exe [2016-05-21] () Task: {62FCAB35-49AD-4A2A-825F-ED59A41FE88C} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2016-06-20] (Byte Technologies LLC) <==== ATENÇÃO Task: {8E168BA1-EAC1-4B9E-8BD9-A4B13C8DCC8F} - System32\Tasks\TweakBit\FixMyPC\Start FixMyPC оn logon => C:\Program Files (x86)\TweakBit\FixMyPC\FixMyPC.exe [2016-07-12] (TweakBit) <==== ATENÇÃO Task: {9C4D315C-D06C-4418-9355-2A50156F56CC} - System32\Tasks\SparkUpdater => C:\Program Files (x86)\baidu\Baidu Browser\SparkUpdate.exe [2016-06-05] (Baidu.com, Inc.) Task: {AE93307C-9643-4BF9-B60C-D6D63397CE81} - System32\Tasks\TweakBit\FixMyPC\Time for deal => C:\Program Files (x86)\TweakBit\FixMyPC\FixMyPC.exe [2016-07-12] (TweakBit) <==== ATENÇÃO Task: {C3809594-F95F-4C14-AB21-82B17B2F0CF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.) 
Task: {D71DA433-10F6-47D9-A21B-3610CD58A073} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeI--new-window hxxp:/toolbar.avg.com/ ==================== Atalhos ============================= (As entradas podem ser listadas para serem restauradas ou removidas.) ShortcutWithArgument: C:\Users\Usuario\Desktop\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://go.playmmogames.com/aff_c?offer_id=1508&aff_id=1034&source=1&click_id=d2feaadf60467c7a88866eb164605160282fd945 --app-window-size=1366,768 ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://go.playmmogames.com/aff_c?offer_id=1508&aff_id=1034&source=1&click_id=d2feaadf60467c7a88866eb164605160282fd945 --app-window-size=1366,768 ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --app=hxxp://go.playmmogames.com/aff_c?offer_id=1508&aff_id=1034&source=1&click_id=d2feaadf60467c7a88866eb164605160282fd945 --app-window-size=1366,768 ShortcutWithArgument: C:\Users\Public\Desktop\Facebook.lnk -> C:\Program Files (x86)\baidu\Baidu Browser\spark.exe () -> --useraction=facebook hxxp://www.facebook.com ShortcutWithArgument: C:\Users\Public\Desktop\Google.lnk -> C:\Program Files (x86)\baidu\Baidu Browser\spark.exe () -> --useraction=google hxxp://www.google.com ==================== Módulos Carregados (Whitelisted) ============== 2013-03-19 11:38 - 2012-10-04 18:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll 2016-07-25 20:18 - 2016-07-25 20:18 - 00254264 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe 2016-07-25 20:18 - 2016-07-25 20:18 - 00564024 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe 2016-05-30 03:24 - 2016-05-30 03:24 - 00150640 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11389\WeatherService.exe 2016-05-30 03:30 - 2016-05-30 03:30 - 01049712 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11389\WeatherEntryDll.dll 2011-04-10 10:40 - 2011-04-10 10:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-01-14 10:03 - 2011-01-14 10:03 - 01108480 _____ () C:\Program Files (x86)\OEM\IPM 1.8\IPM.exe 2010-10-12 16:35 - 2010-10-12 16:35 - 00549376 _____ () C:\Program Files (x86)\OEM\OSD 1.10\SunflowerOSD.exe 2015-05-07 20:12 - 2016-07-01 20:22 - 02662472 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe 2016-05-29 11:36 - 2016-06-05 10:13 - 00983352 _____ () C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe 2016-05-30 03:21 - 2016-05-30 03:21 - 00543344 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11389\EVPTask.dll 2016-05-30 03:20 - 2016-05-30 03:20 - 00406640 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11389\EVPNet.dll 2016-05-30 03:19 - 2016-05-30 03:19 - 00428656 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11389\EVPDR.dll 2016-05-30 03:20 - 2016-05-30 03:20 - 
00747120 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11389\EVPKernel.dll 2016-05-30 03:20 - 2016-05-30 03:20 - 00327280 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11389\EVPHelp.dll 2009-11-17 17:21 - 2009-11-17 17:21 - 00092160 _____ () C:\Program Files (x86)\OEM\IPM 1.8\SoilIO.dll 2011-01-14 10:04 - 2011-01-14 10:04 - 00207360 _____ () C:\Program Files (x86)\OEM\IPM 1.8\vista.dll 2009-11-17 17:21 - 2009-11-17 17:21 - 00092160 _____ () C:\Program Files (x86)\OEM\OSD 1.10\SoilIO.dll 2010-09-24 09:49 - 2010-09-24 09:49 - 16138240 _____ () C:\Program Files (x86)\OEM\OSD 1.10\Media.dll 2016-05-18 20:37 - 2016-05-18 20:37 - 00527944 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\log4cplusU.dll 2016-01-04 19:29 - 2016-04-17 08:35 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll 2013-03-12 10:47 - 2013-03-12 10:47 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9a6476e0725c79a5e8787d0d2f83c458\IsdiInterop.ni.dll 2011-06-28 16:48 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2016-05-29 11:36 - 2016-06-05 10:13 - 01018168 _____ () C:\Program Files (x86)\baidu\Baidu Browser\bdxui.dll 2016-08-17 19:14 - 2016-08-02 21:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll 2016-08-17 19:14 - 2016-08-02 21:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll 2016-05-29 11:36 - 2016-06-05 10:13 - 00430904 _____ () C:\Program Files (x86)\baidu\Baidu Browser\bdminiopenssl.dll 2016-05-29 11:36 - 2016-06-05 10:13 - 00219448 _____ () C:\Program Files (x86)\baidu\Baidu Browser\bdbrowsertray.dll 2016-05-29 11:36 - 2016-06-05 10:13 - 00410936 _____ () C:\Program Files (x86)\baidu\Baidu Browser\bdxctrl.dll 2016-05-29 11:36 - 2016-06-05 10:13 - 00521016 _____ () C:\Program Files (x86)\baidu\Baidu Browser\xnet.dll 2016-05-29 11:36 
- 2016-06-05 10:13 - 00276792 _____ () C:\Program Files (x86)\baidu\Baidu Browser\p2squery.dll 2016-05-29 11:36 - 2016-06-05 10:13 - 00321848 _____ () C:\Program Files (x86)\baidu\Baidu Browser\bdaccount.dll 2016-05-29 11:36 - 2016-06-05 10:13 - 00581432 _____ () C:\Program Files (x86)\baidu\Baidu Browser\bdstatreport.dll 2016-05-29 11:36 - 2016-06-05 10:13 - 00116024 _____ () C:\Program Files (x86)\baidu\Baidu Browser\SparkSafe.dll 2016-05-29 11:37 - 2016-05-29 11:37 - 00083088 _____ () C:\Users\Usuario\AppData\Roaming\baidu\Spark\sysdata\ExtApp\SnapImg\SnapImg.dll 2016-05-29 11:36 - 2016-06-05 10:13 - 01281848 _____ () C:\Program Files (x86)\baidu\Baidu Browser\libglesv2.dll 2016-05-29 11:36 - 2016-06-05 10:13 - 00080696 _____ () C:\Program Files (x86)\baidu\Baidu Browser\libegl.dll 2016-05-29 11:36 - 2015-06-19 01:38 - 14965064 _____ () C:\Program Files (x86)\baidu\Baidu Browser\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10] AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\Windows\System32:A2D5F572_Bb.gbp [2] AlternateDataStreams: C:\Windows\System32:A2D5F572_Cef.gbp [2] AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [2770] AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434] AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10] AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) 
==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-612379544-3706749691-2850370343-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br IE trusted site: HKU\S-1-5-21-612379544-3706749691-2850370343-1000\...\bb.com.br -> hxxps://seg.bb.com.br IE trusted site: HKU\S-1-5-21-612379544-3706749691-2850370343-1000\...\caixa.gov.br -> imagem.caixa.gov.br IE trusted site: HKU\S-1-5-21-612379544-3706749691-2850370343-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br ==================== Hosts Conteúdo: ========================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2009-07-13 23:34 - 2016-08-19 10:45 - 00002024 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-612379544-3706749691-2850370343-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Atualmente não há nenhuma correção automática para esta seção.) ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [{78C0DCF3-FD4D-4CA5-AEDD-DF852ECFEB18}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{91850521-3058-4DDA-A45A-568250E3987F}] => (Allow) LPort=2869 FirewallRules: [{85F25A7F-EA79-4837-811D-F0AC25994163}] => (Allow) LPort=1900 FirewallRules: [{7122E6BD-8824-4591-87B0-F37729503E14}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{129B24A6-574D-4DE4-A2B0-173AD91B7042}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{9D6F96C3-E261-4389-B76B-A4A6D8B158D4}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe FirewallRules: [TCP Query User{A6955C27-AA02-432D-BCCA-DA979653BCB3}C:\program files (x86)\ihmc cmaptools\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ihmc cmaptools\jre\bin\javaw.exe FirewallRules: [UDP Query User{150D0F55-A150-4A82-AE0A-28CEC4EC1D73}C:\program files (x86)\ihmc cmaptools\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ihmc cmaptools\jre\bin\javaw.exe FirewallRules: [{9F6495F6-9DBA-4335-84E0-AD33AFA88B7F}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6D87519B-BA52-4B32-80A7-1B1D2C82057C}] => (Allow) 
C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4FA63CE9-F43B-4EB3-BCDF-A4320AD2DE85}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe FirewallRules: [{25487145-1FA5-4542-8493-88AD253B4CF4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{E3BED237-B1A6-4F31-9840-49A7554D105A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{BA6492DC-B4BF-4029-A6B6-69FC2E86765F}] => (Allow) C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe FirewallRules: [{99AF8B39-04F9-4C96-81FA-B0FFBDC5EF0F}] => (Allow) C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe FirewallRules: [{E87D053C-1954-442B-B0A2-4A9E27BA8DFC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{10FDAE9E-B062-49DD-9055-37FBA412BEE6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{9AD570F3-AEF7-4AE7-8B57-5A2083247D8A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{2A973628-0A13-41AF-9F53-720CEA9F0F60}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{5D063A80-FF2F-4806-B6D3-6E98884DB5C7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{3E71CA74-CF46-4A41-9E1C-5836CC5872DC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{60ED44F0-86FC-467F-AC4E-8F49E45BC084}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Pontos de Restauração ========================= 10-07-2016 15:28:49 Windows Update 22-07-2016 11:24:19 Ponto de Verificação Agendado 18-08-2016 16:44:44 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 18-08-2016 17:30:16 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 19-08-2016 19:54:08 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 19-08-2016 19:59:19 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 19-08-2016 20:02:20 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 ==================== Dispositivos 
Apresentando Falhas No Gerenciador ============= Name: Warsaw - Driver (PP) Description: Warsaw - Driver (PP) Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: wsddpp Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (08/20/2016 09:26:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: core.exe, versão: 2.8.3.15131, carimbo de hora: 0x576a791a Nome do módulo de falhas: wsbrmu.dll, versão: 1.12.1.15176, carimbo de hora: 0x576aee6b Código de exceção: 0xc0000005 Deslocamento com falha: 0x000000000010ce3b Identificação do processo com falha: 0x1b54 Hora de início do aplicativo com falha: 0xcore.exe0 Caminho do aplicativo com falha: core.exe1 FCaminho do módulo de falhas: core.exe2 Identificação do Relatório: core.exe3 Error: (08/20/2016 01:04:38 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: core.exe, versão: 2.8.3.15131, carimbo de hora: 0x576a791a Nome do módulo de falhas: wsbrmu.dll, versão: 1.12.1.15176, carimbo de hora: 0x576aee6b Código de exceção: 0xc0000005 Deslocamento com falha: 0x000000000010ce3b Identificação do processo com falha: 0x1990 Hora de início do aplicativo com falha: 0xcore.exe0 Caminho do aplicativo com falha: core.exe1 FCaminho do módulo de falhas: core.exe2 Identificação do Relatório: core.exe3 Error: (08/19/2016 11:04:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: core.exe, versão: 
2.8.3.15131, carimbo de hora: 0x576a791a Nome do módulo de falhas: wsbrmu.dll, versão: 1.12.1.15176, carimbo de hora: 0x576aee6b Código de exceção: 0xc0000005 Deslocamento com falha: 0x000000000010ce3b Identificação do processo com falha: 0x1e7c Hora de início do aplicativo com falha: 0xcore.exe0 Caminho do aplicativo com falha: core.exe1 FCaminho do módulo de falhas: core.exe2 Identificação do Relatório: core.exe3 Error: (08/19/2016 09:04:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: core.exe, versão: 2.8.3.15131, carimbo de hora: 0x576a791a Nome do módulo de falhas: wsbrmu.dll, versão: 1.12.1.15176, carimbo de hora: 0x576aee6b Código de exceção: 0xc0000005 Deslocamento com falha: 0x000000000010ce3b Identificação do processo com falha: 0x125c Hora de início do aplicativo com falha: 0xcore.exe0 Caminho do aplicativo com falha: core.exe1 FCaminho do módulo de falhas: core.exe2 Identificação do Relatório: core.exe3 Error: (08/19/2016 07:04:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: core.exe, versão: 2.8.3.15131, carimbo de hora: 0x576a791a Nome do módulo de falhas: wsbrmu.dll, versão: 1.12.1.15176, carimbo de hora: 0x576aee6b Código de exceção: 0xc0000005 Deslocamento com falha: 0x000000000010ce3b Identificação do processo com falha: 0x18bc Hora de início do aplicativo com falha: 0xcore.exe0 Caminho do aplicativo com falha: core.exe1 FCaminho do módulo de falhas: core.exe2 Identificação do Relatório: core.exe3 Error: (08/19/2016 05:04:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: core.exe, versão: 2.8.3.15131, carimbo de hora: 0x576a791a Nome do módulo de falhas: wsbrmu.dll, versão: 1.12.1.15176, carimbo de hora: 0x576aee6b Código de exceção: 0xc0000005 Deslocamento com falha: 0x000000000010ce3b Identificação do processo com falha: 0x16d0 Hora de início do aplicativo com falha: 0xcore.exe0 
Caminho do aplicativo com falha: core.exe1 FCaminho do módulo de falhas: core.exe2 Identificação do Relatório: core.exe3 Error: (08/19/2016 12:45:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: core.exe, versão: 2.8.3.15131, carimbo de hora: 0x576a791a Nome do módulo de falhas: wsbrmu.dll, versão: 1.12.1.15176, carimbo de hora: 0x576aee6b Código de exceção: 0xc0000005 Deslocamento com falha: 0x000000000010ce3b Identificação do processo com falha: 0xae0 Hora de início do aplicativo com falha: 0xcore.exe0 Caminho do aplicativo com falha: core.exe1 FCaminho do módulo de falhas: core.exe2 Identificação do Relatório: core.exe3 Error: (08/18/2016 04:26:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: core.exe, versão: 2.8.3.15131, carimbo de hora: 0x576a791a Nome do módulo de falhas: wsbrmu.dll, versão: 1.12.1.15176, carimbo de hora: 0x576aee6b Código de exceção: 0xc0000005 Deslocamento com falha: 0x000000000010ce3b Identificação do processo com falha: 0xbf8 Hora de início do aplicativo com falha: 0xcore.exe0 Caminho do aplicativo com falha: core.exe1 FCaminho do módulo de falhas: core.exe2 Identificação do Relatório: core.exe3 Error: (08/17/2016 08:20:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: core.exe, versão: 2.8.3.15131, carimbo de hora: 0x576a791a Nome do módulo de falhas: wsbrmu.dll, versão: 1.12.1.15176, carimbo de hora: 0x576aee6b Código de exceção: 0xc0000005 Deslocamento com falha: 0x000000000010ce3b Identificação do processo com falha: 0xc24 Hora de início do aplicativo com falha: 0xcore.exe0 Caminho do aplicativo com falha: core.exe1 FCaminho do módulo de falhas: core.exe2 Identificação do Relatório: core.exe3 Error: (08/17/2016 06:56:28 PM) (Source: MsiInstaller) (EventID: 11706) (User: AUTORIDADE NT) Description: SA_Error1709: StandardAction(0xC00706AD): Produto: AVG 2014 -- Erro 1706. 
SA_Error1706: StandardAction(0xC00706AA): Não é possível encontrar um pacote de instalação para o produto AVG 2014. Experimente a instalação novamente utilizando uma cópia válida do pacote de instalação 'Avgx64.msi'. Erros de Sistema: ============= Error: (08/20/2016 09:27:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 7 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço. Error: (08/20/2016 01:04:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 6 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço. Error: (08/20/2016 12:44:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: O serviço Serviço de Notificação da SPP terminou com o erro: %%5 = Acesso negado. Error: (08/19/2016 11:44:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: O serviço Serviço de Notificação da SPP terminou com o erro: %%5 = Acesso negado. Error: (08/19/2016 11:04:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 5 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço. Error: (08/19/2016 10:44:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: O serviço Serviço de Notificação da SPP terminou com o erro: %%5 = Acesso negado. Error: (08/19/2016 09:44:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: O serviço Serviço de Notificação da SPP terminou com o erro: %%5 = Acesso negado. Error: (08/19/2016 09:04:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 4 vez(es). 
A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço. Error: (08/19/2016 08:44:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: O serviço Serviço de Notificação da SPP terminou com o erro: %%5 = Acesso negado. Error: (08/19/2016 07:44:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: O serviço Serviço de Notificação da SPP terminou com o erro: %%5 = Acesso negado. ==================== Informações da Memória =========================== Processador: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz Percentagem de memória em uso: 73% RAM física total: 3557.7 MB RAM física disponível: 937.08 MB Virtual Total: 7113.58 MB Virtual disponível: 2497.96 MB ==================== Drives ================================ Drive c: (Sistema) (Fixed) (Total:457.95 GB) (Free:415.04 GB) NTFS ==>[drive com componentes de inicialização (obtido através de BCD)] ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 2BD2C32A) Partition 1: (Not Active) - (Size=7.8 GB) - (Type=DE) Partition 2: (Active) - (Size=457.9 GB) - (Type=07 NTFS) ==================== Fim de Addition.txt ============================